1. Field of the Invention
This invention relates to an apparatus for identity verification by means of a data card with protection against misuse of the card by unauthorized users. In particular, this invention relates to an apparatus yielding access to sensitive data stored on a personal data card only to the authorized owner. This invention also relates to a method based on cryptographic principles for identity verification.
2. Description of the Prior Art
Plastic cards for different types of stored data are presently in wide use. Application examples are credit cards and cards bearing access control information for automatic teller machines. Such cards are used to perform authorizations.
However, these data cards suffer from some shortcomings: (A) The amount of data that can be stored on a card is limited. Presently the storage capacity is about 100 bytes. (B) The storage normally is of the read-only type. (C) If a card is lost there is only minimal protection against misuse.
In order to overcome these shortcomings, a so-called personal data card (PDC) is suggested. Such a personal data card would contain or be provided with a non-volatile (for instance, RAM type) storage device having a high storage capacity, for instance a storage capability of several kbytes. This PDC should also be provided with an effective protection against loss or unauthorized data access. Such a PDC could be used for a variety of new applications.
Examples for the kind of information that may be stored and for the usage of such a personal data card are the following:
(a) The PDC may be used as an electronic ID card containing personal data such as name, date and place of birth, height, Social Security Number, driver's license information, passport number, and address. The ID card could be used to help speed up procedures such as identifications of the owner and form fill-ins.
(b) The PDC may contain the health history of the owner combined with information about medical treatments, surgeries, vaccinations, allergies, anomalies, blood type, Rh factor, etc. Availability and fast evaluation of these data are important in a case of emergency.
(c) The PDC may be used as a personal key for communication security, e.g. containing the owner's private signature key.
(d) The PDC may be used as a rechargeable credit card. The card issuer such as a bank "charges" or "loads" the card with a certain amount of money. With each use the owner withdraws a portion of this amount. After consumption of the total amount the card will be "recharged".
(e) The PDC may be used as a personal notebook and/or to store, for instance, frequently needed information such as telephone numbers.
A technical implementation of a PDC could be based on magnetic bubble memory chips. These chips would eliminate the above-mentioned shortcomings (A) and (B).
Also other read/write memories capable of storing data without a permanent energy supply may be used. Yet, the shortcoming (C), that is the problem of protecting the stored sensitive, confidential and/or secret data against unauthorized access and modification, still would remain.
The prior art discloses cryptographic principles [1-11], for instance for identity verification. Based on these cryptographic principles, symmetrical systems (the Data Encryption Standard or DES) and non-symmetrical systems (Public Key Cryptosystems) may be implemented. Symmetrical systems are described, for instance, in [1], whereas non-symmetrical systems are described, for instance, in [2-11].
One problem associated with presently known identity verification systems resides in the fact that the card reading terminal may be connected to a communication system which is unprotected from non-authorized individuals or intruders. Information contained in the card may be obtained by the intruder(s) via such a communication system. Obviously this should be prevented since sensitive or even secret data may be stored in the card. Another problem associated with conventional identity verification systems relates to information which remains stored in the terminal after a validation operation. This information may be read out by an intruder. Again, access to sensitive information should be prevented.
3. Literature
[1] National Bureau of Standards, Federal Information Processing Standard FIPS Publication 46, U.S. Department of Commerce, Washington, D.C. (Jan. 1977).
[2] M. E. Hellman, "The Mathematics of Public-Key Cryptography", Scientific American, Vol. 241, No. 2 (Aug. 1979).
[3] Rivest, Shamir, Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, Vol. 21, No. 2 (Feb. 78).
[4] Needham, R. M., Schroeder, M. D., "Using Encryption for Authentication in Large Networks of Computers", Communic. ACM 21,12 (Dec. 1978), 993-999.
[5] Rabin, M., "Digitalized Signatures", Foundations of Secure Computing, R. Demillo et al., Eds., Academic Press, New York 1978.
[6] Merkle, R. C., Hellman, M. E. "Hiding Information and Signatures in Trapdoor Knapsacks", IEEE Trans. Inf. Theory, Vol. IT-24, No. 5, Sept. 1978.
[7] Shamir, A., "A Fast Signature Scheme", MIT/LCS/TM-107, July 1978.
[8] McEliece, R. J., DSN Progress Report 42-44, Jan./Feb. 1978.
[9] Lagger, H., Mueller-Schloer, C., Unterberger, H., "Sicherheitsaspekte in rechnergesteuerten Kommunikationssystemen", Elektronische Rechenanlagen, Oldenbourg Verlag Munich, Dec. 1980, p. 276-280.
[10] Diffie W., Hellman, M. E., "New Directions in Cryptography", IEEE Transactions on Information Theory, Vol. IT-22, No. 6, Nov. 1976, p. 644-654.
[11] Kolata, G. B., "New Codes Coming into Use", Science, Vol. 208, May 1980, p. 694-695.